-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: chromium-browser security update Advisory ID: RHSA-2020:0514-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://access.redhat.com/errata/RHSA-2020:0514 Issue date: 2020-02-17 CVE Names: CVE-2019-18197 CVE-2019-19880 CVE-2019-19923 CVE-2019-19925 CVE-2019-19926 CVE-2020-6381 CVE-2020-6382 CVE-2020-6385 CVE-2020-6387 CVE-2020-6388 CVE-2020-6389 CVE-2020-6390 CVE-2020-6391 CVE-2020-6392 CVE-2020-6393 CVE-2020-6394 CVE-2020-6395 CVE-2020-6396 CVE-2020-6397 CVE-2020-6398 CVE-2020-6399 CVE-2020-6400 CVE-2020-6401 CVE-2020-6402 CVE-2020-6403 CVE-2020-6404 CVE-2020-6405 CVE-2020-6406 CVE-2020-6408 CVE-2020-6409 CVE-2020-6410 CVE-2020-6411 CVE-2020-6412 CVE-2020-6413 CVE-2020-6414 CVE-2020-6415 CVE-2020-6416 CVE-2020-6417 =====================================================================
1. Summary:
An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, i686, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - i686, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, i686, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, i686, x86_64
3. Description:
Chromium is an open-source web browser, powered by WebKit (Blink).
This update upgrades Chromium to version 80.0.3987.87.
Security Fix(es):
* chromium-browser: Integer overflow in JavaScript (CVE-2020-6381)
* chromium-browser: Type Confusion in JavaScript (CVE-2020-6382)
* chromium-browser: Insufficient policy enforcement in storage (CVE-2020-6385)
* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6387)
* chromium-browser: Out of bounds memory access in WebAudio (CVE-2020-6388)
* chromium-browser: Out of bounds write in WebRTC (CVE-2020-6389)
* chromium-browser: Out of bounds memory access in streams (CVE-2020-6390)
* libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197)
* sqlite: invalid pointer dereference in exprListAppendList in window.c (CVE-2019-19880)
* sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923)
* sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925)
* sqlite: error mishandling because of incomplete fix of CVE-2019-19880 (CVE-2019-19926)
* chromium-browser: Insufficient validation of untrusted input in Blink (CVE-2020-6391)
* chromium-browser: Insufficient policy enforcement in extensions (CVE-2020-6392)
* chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6393)
* chromium-browser: Insufficient policy enforcement in Blink (CVE-2020-6394)
* chromium-browser: Out of bounds read in JavaScript (CVE-2020-6395)
* chromium-browser: Inappropriate implementation in Skia (CVE-2020-6396)
* chromium-browser: Incorrect security UI in sharing (CVE-2020-6397)
* chromium-browser: Uninitialized use in PDFium (CVE-2020-6398)
* chromium-browser: Insufficient policy enforcement in AppCache (CVE-2020-6399)
* chromium-browser: Inappropriate implementation in CORS (CVE-2020-6400)
* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6401)
* chromium-browser: Insufficient policy enforcement in downloads (CVE-2020-6402)
* chromium-browser: Incorrect security UI in Omnibox (CVE-2020-6403)
* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6404)
* sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)
* chromium-browser: Use after free in audio (CVE-2020-6406)
* chromium-browser: Insufficient policy enforcement in CORS (CVE-2020-6408)
* chromium-browser: Inappropriate implementation in Omnibox (CVE-2020-6409)
* chromium-browser: Insufficient policy enforcement in navigation (CVE-2020-6410)
* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6411)
* chromium-browser: Insufficient validation of untrusted input in Omnibox (CVE-2020-6412)
* chromium-browser: Inappropriate implementation in Blink (CVE-2020-6413)
* chromium-browser: Insufficient policy enforcement in Safe Browsing (CVE-2020-6414)
* chromium-browser: Inappropriate implementation in JavaScript (CVE-2020-6415)
* chromium-browser: Insufficient data validation in streams (CVE-2020-6416)
* chromium-browser: Inappropriate implementation in installer (CVE-2020-6417)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Chromium must be restarted for the changes to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1770768 - CVE-2019-18197 libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure 1787032 - CVE-2019-19880 sqlite: invalid pointer dereference in exprListAppendList in window.c 1788846 - CVE-2019-19923 sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference 1788866 - CVE-2019-19925 sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive 1789364 - CVE-2019-19926 sqlite: error mishandling because of incomplete fix of CVE-2019-19880 1801160 - CVE-2020-6381 chromium-browser: Integer overflow in JavaScript 1801161 - CVE-2020-6382 chromium-browser: Type Confusion in JavaScript 1801162 - CVE-2020-6385 chromium-browser: Insufficient policy enforcement in storage 1801163 - CVE-2020-6387 chromium-browser: Out of bounds write in WebRTC 1801164 - CVE-2020-6388 chromium-browser: Out of bounds memory access in WebAudio 1801165 - CVE-2020-6389 chromium-browser: Out of bounds write in WebRTC 1801166 - CVE-2020-6390 chromium-browser: Out of bounds memory access in streams 1801167 - CVE-2020-6391 chromium-browser: Insufficient validation of untrusted input in Blink 1801168 - CVE-2020-6392 chromium-browser: Insufficient policy enforcement in extensions 1801169 - CVE-2020-6393 chromium-browser: Insufficient policy enforcement in Blink 1801170 - CVE-2020-6394 chromium-browser: Insufficient policy enforcement in Blink 1801171 - CVE-2020-6395 chromium-browser: Out of bounds read in JavaScript 1801172 - CVE-2020-6396 chromium-browser: Inappropriate implementation in Skia 1801173 - CVE-2020-6397 chromium-browser: Incorrect security UI in sharing 1801174 - CVE-2020-6398 chromium-browser: Uninitialized use in PDFium 1801175 - CVE-2020-6399 chromium-browser: Insufficient policy enforcement in AppCache 1801176 - CVE-2020-6400 chromium-browser: Inappropriate implementation in CORS 1801177 - CVE-2020-6401 chromium-browser: Insufficient validation of untrusted input in Omnibox 1801178 - CVE-2020-6402 chromium-browser: Insufficient policy enforcement in downloads 1801179 - CVE-2020-6403 chromium-browser: Incorrect security UI in Omnibox 1801180 - CVE-2020-6404 chromium-browser: Inappropriate implementation in Blink 1801181 - CVE-2020-6405 sqlite: Out-of-bounds read in SELECT with ON/USING clause 1801182 - CVE-2020-6406 chromium-browser: Use after free in audio 1801184 - CVE-2020-6408 chromium-browser: Insufficient policy enforcement in CORS 1801185 - CVE-2020-6409 chromium-browser: Inappropriate implementation in Omnibox 1801186 - CVE-2020-6410 chromium-browser: Insufficient policy enforcement in navigation 1801187 - CVE-2020-6411 chromium-browser: Insufficient validation of untrusted input in Omnibox 1801188 - CVE-2020-6412 chromium-browser: Insufficient validation of untrusted input in Omnibox 1801189 - CVE-2020-6413 chromium-browser: Inappropriate implementation in Blink 1801190 - CVE-2020-6414 chromium-browser: Insufficient policy enforcement in Safe Browsing 1801191 - CVE-2020-6415 chromium-browser: Inappropriate implementation in JavaScript 1801192 - CVE-2020-6416 chromium-browser: Insufficient data validation in streams 1801193 - CVE-2020-6417 chromium-browser: Inappropriate implementation in installer
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: chromium-browser-80.0.3987.87-1.el6_10.i686.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
i686: chromium-browser-80.0.3987.87-1.el6_10.i686.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
x86_64: chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
i686: chromium-browser-80.0.3987.87-1.el6_10.i686.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
x86_64: chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: chromium-browser-80.0.3987.87-1.el6_10.i686.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
i686: chromium-browser-80.0.3987.87-1.el6_10.i686.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
x86_64: chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: chromium-browser-80.0.3987.87-1.el6_10.i686.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
i686: chromium-browser-80.0.3987.87-1.el6_10.i686.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.i686.rpm
x86_64: chromium-browser-80.0.3987.87-1.el6_10.x86_64.rpm chromium-browser-debuginfo-80.0.3987.87-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-18197 https://access.redhat.com/security/cve/CVE-2019-19880 https://access.redhat.com/security/cve/CVE-2019-19923 https://access.redhat.com/security/cve/CVE-2019-19925 https://access.redhat.com/security/cve/CVE-2019-19926 https://access.redhat.com/security/cve/CVE-2020-6381 https://access.redhat.com/security/cve/CVE-2020-6382 https://access.redhat.com/security/cve/CVE-2020-6385 https://access.redhat.com/security/cve/CVE-2020-6387 https://access.redhat.com/security/cve/CVE-2020-6388 https://access.redhat.com/security/cve/CVE-2020-6389 https://access.redhat.com/security/cve/CVE-2020-6390 https://access.redhat.com/security/cve/CVE-2020-6391 https://access.redhat.com/security/cve/CVE-2020-6392 https://access.redhat.com/security/cve/CVE-2020-6393 https://access.redhat.com/security/cve/CVE-2020-6394 https://access.redhat.com/security/cve/CVE-2020-6395 https://access.redhat.com/security/cve/CVE-2020-6396 https://access.redhat.com/security/cve/CVE-2020-6397 https://access.redhat.com/security/cve/CVE-2020-6398 https://access.redhat.com/security/cve/CVE-2020-6399 https://access.redhat.com/security/cve/CVE-2020-6400 https://access.redhat.com/security/cve/CVE-2020-6401 https://access.redhat.com/security/cve/CVE-2020-6402 https://access.redhat.com/security/cve/CVE-2020-6403 https://access.redhat.com/security/cve/CVE-2020-6404 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-6406 https://access.redhat.com/security/cve/CVE-2020-6408 https://access.redhat.com/security/cve/CVE-2020-6409 https://access.redhat.com/security/cve/CVE-2020-6410 https://access.redhat.com/security/cve/CVE-2020-6411 https://access.redhat.com/security/cve/CVE-2020-6412 https://access.redhat.com/security/cve/CVE-2020-6413 https://access.redhat.com/security/cve/CVE-2020-6414 https://access.redhat.com/security/cve/CVE-2020-6415 https://access.redhat.com/security/cve/CVE-2020-6416 https://access.redhat.com/security/cve/CVE-2020-6417 https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXkpN4tzjgjWX9erEAQiSURAAlAo6G1kZCxmD5PEQXzvGOU2TRGWuFg6z S+V8Esq+AcCb2XEJTt17+Gn0jW6yQfUBCBmjOoZ/4hjr0poFeVB5vKb+AY8fXve7 xv/MhyGtnIOfDvWmAF2GN7lfiU0B9WAd12Udh/iVBSb/+L8ecmbvwwI/LzjUySWH 2C2ZODVbTxmoEjc4wythPAutdFfrviSJATbc3kxW83FqvYgsxSoRcmm+CrcTvRa6 gGue+9F19XzdaN2OMahCsSn0r4v3/BPSbm4HtnS0q8IotpvohbWiF4x3tffV++Fi KoCoV/9yKNpHHeaGNBe/fCg+91dJc8uAlbjomED3/huBoD544E/ptH18WyE7kqcd 46vUfCdvyD3CTZbYmt/K6Age7NhK86KHJb8YPoS2tiC5q9z9lumLiQMiJ2Y411X3 IwYHM6qFhJTJnetMDyavY3k0wFle6NUctXyKLuvvQcF2G/YLaUH/0zfx1OqNHr2u V5tfvZNc/vwUsedtb+ct55LT1o3sdpF8ObPDg2iRN7+2XopNeZdaKCTDAhCFuhCG FABC37pYNzBDTFoVu4yc36k5rL/2dRT9S/h1YkvWEly9LwZIVhrUF1j99VLKGThP vpOoL9pp0UoTPxHnaTEhWsv+kxEWuaEwcvMJkoCyukWnC6PQrKhqlazed2BZVmaT NsxBlW4nT+g= =xupY -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
|